
W32.SillyFDC is getting me down

I usually post about techie stuff I manage to do successfully, but W32.SillyFDC is a nasty little virus that is getting me down.


I’m not in the IT Department, yet I somehow manage to do what they can’t. It’s often virus related, as our network is as secure as a public park on Sunday. Hey, they’re busy, so let’s not fault them for anything.

I also have this uncanny ability to make electronics work by merely standing next to them. I can’t explain it, but it’s happened time and time again that something, usually a computer (but often DVD players too), doesn’t work and several people try to get it to work.

When eventually they give up, they call me over (and the more this happens the more I get called over). When I ask them to show me what they’re doing that causes the problem, it miraculously works. Electronics like me, what can I say.

My colleague’s computer was a veritable virus zoo - oh the creatures we found!

So down in The Dungeon, a supposedly haunted, windowless office, downloading of anything is rife. ICQ was on one of the computers and when a virus came knocking an ignorant somebody answered and poof, W32.SillyFDC was in my life.

Because these things frequently try to copy themselves onto my zip-drive or over the network into my shared folder, it’s in my interest to remove them when the IT guys say they can’t. Which is often.

But W32.SillyFDC has me stumped.

It’s fascinating to find this many specimens on one computer.

I’ve followed at least 4 tutorials from different sources on how to remove this little shit. I’ve deleted files and registry keys, in Safe Mode and normal mode. I’ve used AVG, Norton and Spyware Doctor and nobody can get rid of it. Even my usual saviour, Spybot Search & Destroy, couldn’t help me. HijackThis wasn’t much help, but I guess I can explore that more.

The annoying thing is the virus programs tend to pick it up, but when they delete it, the thing just copies itself again. Norton, for instance, goes into an infinite loop and every time it finds and deletes the virus, the virus just copies itself. Over and over again.

So if anybody has the sure-fire solution for getting rid of W32.SillyFDC, then please do let me know.

3 Comments

  • AB

    25 April 2008 at 18:39

    If you have XP, try using:

    tasklist /M

    for each process it will list the DLLs in use. HijackThis will give you a clue as to what DLLs are in use by this thing. I have noticed that it likes lsass.exe and winlogon.exe. Removing it by killing lsass.exe with TaskKill (WinXP) will give you about 30 seconds to delete the offending DLLs. However, since a copy is loaded in winlogon.exe you need to replace this file. I tried renaming the file under

    c:\windows\system32

    and

    c:\windows\system32\dllcache

    However, this BSODs the system, at which point I go in with an XP installation CD, go to the recovery console and do a:

    extract cd:\i386\winlogon.ex_ c:\windows\system32

    and again to

    extract cd:\i386\winlogon.ex_ c:\windows\system32\dllcache

    Left the machine on overnight, hopefully the machine didn't get re-infected. Will post again tomorrow if any better.

  • 1Earth

    26 April 2008 at 10:45

    Hi AB

    I got rid of the Virus in the end, but I'm not sure how now.

    I downloaded Spyware Doctor through the Google Pack and that got rid of it for me – I think. The first time I only had a demo copy that showed the infection, but doesn't cure. I wrote down the files and registry keys, rebooted in Safe Mode and deleted the lot.

    I also had Spybot SD installed with it. This prevents reinfection as the virus/worm wants to modify a registry key to reinstall itself if it gets deleted. If you block it there, it can't reinstall when deleted.

    They were hiding in different files to what you listed, so I think it might be unique to different machines.

    The best is to not get infected in the first place. People on my work network do all sorts of stuff, clicking on attachments left, right and centre, downloading things, etc. I've closed all my shares, prevent automatic connection to network drives and have a separate spam block on my emails.

    This has kept me clean so far.

  • amul

    28 May 2008 at 21:12

    Hi

    I have a question regarding w32.sillyFDC. My USB drive got infected with this virus, which was detected by Norton. Norton has now quarantined all folders on this USB drive. Will I be able to remove the virus completely? If not, is formatting the drive the only way to recover the space occupied by quarantined files?

    Thanks for your help.
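
The `tasklist /M` check from AB's comment can be scripted. This is an added example, not part of the original post or its comments: it parses the default `tasklist /M` table and reports modules loaded in winlogon.exe and lsass.exe that are missing from a baseline. The sample output, the DLL name `example_unknown.dll` and the baseline sets are constructed assumptions.

```python
import re

# Constructed sample of `tasklist /M` table output (not captured from a real machine).
# "example_unknown.dll" is a made-up name standing in for an unexpected module.
SAMPLE = """\
Image Name                     PID Modules
========================= ======== ============================================
System Idle Process              0 N/A
winlogon.exe                   624 ntdll.dll, kernel32.dll, ADVAPI32.dll,
                                   USER32.dll, example_unknown.dll
lsass.exe                      680 ntdll.dll, kernel32.dll, LSASRV.dll
"""

# Assumed baseline: modules recorded on a known-clean machine of the same build.
BASELINE = {
    "winlogon.exe": {"ntdll.dll", "kernel32.dll", "advapi32.dll", "user32.dll"},
    "lsass.exe": {"ntdll.dll", "kernel32.dll", "lsasrv.dll"},
}

def parse_tasklist_modules(text):
    """Return {(image, pid): [modules]} from the default table format."""
    lines = text.splitlines()
    # The ===== row fixes the column positions (image names may contain spaces).
    sep = next(i for i, l in enumerate(lines) if l.startswith("="))
    (n0, n1), (p0, p1), (m0, _) = [m.span() for m in re.finditer(r"=+", lines[sep])]
    procs, current = {}, None
    for line in lines[sep + 1:]:
        name = line[n0:n1].strip()
        if name:  # a new process row; otherwise a wrapped module list
            current = (name, int(line[p0:p1]))
            procs[current] = []
        mods = line[m0:].strip()
        if current and mods and mods != "N/A":
            procs[current] += [m.strip() for m in mods.split(",") if m.strip()]
    return procs

def unexpected_modules(procs, baseline):
    """List (image, pid, module) for modules missing from the baseline."""
    hits = []
    for (image, pid), mods in procs.items():
        known = baseline.get(image.lower())
        if known is None:
            continue  # only audit processes we have a baseline for
        hits += [(image, pid, m) for m in mods if m.lower() not in known]
    return hits

if __name__ == "__main__":
    for image, pid, mod in unexpected_modules(parse_tasklist_modules(SAMPLE), BASELINE):
        print(f"{image} (PID {pid}) loads unexpected module: {mod}")
```

On a real machine, feed it the text saved from `tasklist /M > modules.txt` and a baseline taken from a clean install of the same Windows version.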
